I apologize for asking this here instead of Google's forums, but I find that they tend to yield no results at all, ever.
I have a domain verified on Google Apps through HTML file upload, which I am currently using for email.
I don't recall exactly how I prompted the verifications, but I got prompted for one about a week ago for another address#mydomain.com, and I'm trying to find out how I can void the verifications through HTML, so I can switch to the newer method of creating a DNS record.
And finally, is there a way an individual can void unauthorized verifications through Google? For example if someone verified a domain you currently own at an earlier point in time? Google doesn't allow any support contact for normal Apps accounts.
Thank you for any assistance.
Trying to verify the account or the domain?
What do you see when you go into the control panel?
If you use HTML validation and then change the IP of your web server you might get requested to re-validate.
Best use DNS validation.
Good luck.
Related
When attempting to use Google federated authentication login button for a Google webapp, error message identified mismatch with related URI and javascript host domains. Solutions, as in this 2019 post (Get gmail address using Google Apps Script, Error: redirect_uri_mismatch) weren't working for me.
I then found this recent article: What is the Authorized Javascript Origin for a webapp powered by Google Script?
I understand it to say that, due to recent actions by Google, it is no longer possible to use the Google authenticator for a Google webapp because redirect URI and javascript origin host domains "cannot be googleusercontent.com”, which is the host domain for Google webapps.
So, my question duplicates earlier posts (i.e., 2019) but in new circumstances. The conclusion of the recent post I've cited seems so radical to me that I'm seeking confirmation, or explanation of how I am misunderstanding it.
As background: I need the webapp to operate under the "(me)owner" account for connectivity to owner spreadsheets, but also need the user's Gmail address (required) for application access control (no other access to user Gmail account; users not all in a shared Workspace domain). Google login would provide the user Gmail address. So, before totally abandoning this solution, I hoping to get additional clarification.
According to the official docs, it's not possible to use Google Sign-In for Websites, and this post from the Google Apps Script Issue tracker Fail to Add *.googleusercontent.com into Authorized JavaScript origins as Google Apps Script uses googleusercontent.com
To achieve your goal, as I mentioned in your previous question, you might use the UrlFeth service to call the Google Sheets API to do the connectivity to your spreadsheet and setting the web app as the user instead as you.
From https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation
Domain
Host TLDs (Top Level Domains) must belong to the public suffix list.
Host domains cannot be “googleusercontent.com”.
Redirect URIs cannot contain URL shortener domains (e.g. goo.gl) unless the app owns the domain. Furthermore, if an app that owns a shortener domain chooses to redirect to that domain, that redirect URI must either contain “/google-callback/” in its path or end with “/google-callback”.
Related
How to Properly Configure GAS Web App (as another user) to Execute GAS API Executable (as me) using OAuth2?
User access request when GAS run as the user
While true that you can no longer add googleusercontent.com, you may be able to solve this by using two webapps and managing authentication/authorization between the two:
Webapp#1:
Run as: Me
Access: Anyone even anonymous
Webapp#2:
Run as: User
Access: Anyone
You may be able to create a jwt token from webapp#2 and verify it on webapp#1. As it is a custom solution, security may be questionable.
References:
Authenticate with a server - Here, webapp#1 acts as server and webapp#2 acts as client.
ScriptApp.getIdentityToken()
First of all, sorry for my bad English :)
I am building a Gmail addon which integrates file uploading to an external website using their API. The API have an auth endpoint which uses plain authorization flow i.e. takes email and password of a user to authorize and return authorization token. That token is then used in the subsequent call of file uploading process.
My question is, it has been mentioned in gmail addon guide that an app should use oAuth when connecting to a third-party service. However, the related website's API do not have oAuth but use plain authorization flow. If I create a login form with email and password fields using the card service, would that be okay and approved by google to be listed in the addons directory? Creating oAuth on third party service is not in my hands
Thank you!
Q: would that be okay and approved?
My experience is that it is OK to use basic authentication (since a lot of APIs still use basic auth, it would be devastating if the use of API was prohibited), most likely you will be approved. However, if there ever be a version of the API that supports OAuth, please, migrate as soon as possible.
Caveats
You mentioned creating a login form in CardService - please, be aware that there are no "password"-style TextInputs, so all characters will be visible all the time + there isn't, as of yet, any support for input event, so you won't be able to emulate the behaviour easily.
If you are planning on storing the credentials, try to avoid using PropertiesService - it isn't considered a secure storage (though if credentials are to be entered only once, storing the token should be fine).
You will still be asked to implement the authorizationCheckFunction.
I'm currently trying to develop a Chrome extension which can receive notifications using GCM. When the extension is first installed, I register it using chrome.gcm.register(['my_sender_id'], function(registration_id) { console.log(registration_id); });.
I would like to send push messages to everyone who has the extension installed. However, the problem is that GCM requires you to specify the registration ID's of everyone you want to send the message to; you can't just send it to everyone who's connected to the sender ID.
While it would be possible to push the registration ID to a database when the extension is installed, and then consult this database each time I want to send a message, this solution seems sub-optimal (also from a security point of view, since the pushing of the registration ID would be done client-side).
However, Google introduced a solution for this a few years ago: topics. It's possible to simply register each device to a 'global' topic (for example) and when you then want to send a message, you only have to specify the 'global' topic as the receiver. However, I can't find how this registration process is done for Chrome extensions. I've looked everywhere, but it seems like Chrome's GCM module doesn't support this yet. Am I correct in this and if so, is there an alternative way to pull this off?
Any help would be greatly appreciated!
If you call chrome.instanceID.getToken and then use the InstanceID API from your server to subscribe to a topic, it seems to work, but then the chrome extension doesn't get messages when you push to that topic, so I'm not sure if Google just needs to enable something on their side to make it work. But this is the closest I could get to it in any case.
firebaser here
Thanks for the great feedback. There is no way at the moment to subscribe to a topic from a browser. We're aware that having such an API would simplify the development model. We'd love to add this to Firebase, but as usual can't make any promises or commitments.
First I apologize if I'm a dolt and am missing something obvious, but I've spent a few hours scouring documentation and am lost.
I'm trying to write a python script that will upload a bunch of images to a single user's Google Drive. The user already exists and will never change. I am not writing a web app and don't plan to use any user interface whatsoever. Everything will be done through code.
As best I can understand from the Google documentation, I have two choices:
1) Write a web app and register it to use the Drive DSK. This of course requires having urls and such for the web app.
2) Create a service account, which ties my "app" to a new service account email.
Neither of these options works for me. Is there any way to simply log in to a single user account and access their drive through python scripting?
There is a deprecated API called ClientLogin that would enable you to use the username and password for a login to access that Drive data.
But the basic idea is that you should be using something more secure -- from your users' point of view -- that allows them to authorize you without giving you their password.
For your use case it is possible that the user is you or someone you know and that you are accessing their account through a more personal kind of authorization. In that case, ClientLogin may be your best choice. If this is an application designed to be used by arbitrary users, the deprecation of ClientLogin is for a good reason and I would urge you to bite the bullet and choose one of the supported options.
The correct solution is to separate the authorization phase from the access phase. The authorization process needs to be run one time only, and can be done from a simple web site. The result of this is a refresh token which is analogous to a username/password. You will need to be aware of the security implications. Make sure you only grant drive.file scope to minimise the impact of a security breach.
Since you are uploading images, you might also want to look at the picassa api.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I'm having problems with gmail smtp server. I already read many posts here in StackOverflow about that subject.
The best post I found about test the connection is this one.
Although it is very well explained the error I'm getting I couldn't find a answer:
Google SMTP just says "Please log in via your web browser and then try again". I'm completely sure that the password and the email (both in base64) are well encoded.
As you can see here, in this image:
,
there is just one difference I can notice: the user#gmail.com and password is sent in two steps. In the link above the guy sends both at the same time. Google didn't accepted that.
But the fact is, I write
auth login Y29udGF0...
(user in base64, googles responds: )
334 UGFzc3dvcmQ6
(wich means "Password: ")
YzQ2MjJmNWVi.... (paste my password in base64 and hit "enter")
Then Goggle says:
Please log in via your web browser and then try again.
534-5.7.14 Learn more at https://support.google.com/mail/answer/7126229
And I'm going through all this problem because #MediaTemple and #DreamHost are not working with PHPMailer. I already use PHPMailer for a long time ago, in so many different hosts, using SMTP but failed with (mt) and Dreamhost. Now I'm in middle of a project that it >must< work on these two hosts.
I know this is an older issue, but I recently had the same problem and was having issues resolving it, despite attempting the DisplayUnlockCaptcha fix. This is how I got it alive.
Head over to Account Security Settings (https://www.google.com/settings/security/lesssecureapps) and enable "Access for less secure apps", this allows you to use the google smtp for clients other than the official ones.
Update
Google has been so kind as to list all the potential problems and fixes for us. Although I recommend trying the less secure apps setting. Be sure you are applying these to the correct account.
If you've turned on 2-Step Verification for your account, you might need to enter an App password instead of your regular password.
Sign in to your account from the web version of Gmail at https://mail.google.com. Once you’re signed in, try signing in
to the mail app again.
Visit http://www.google.com/accounts/DisplayUnlockCaptcha and sign in with your Gmail username and password. If asked, enter the
letters in the distorted picture.
Your app might not support the latest security standards. Try changing a few settings to allow less secure apps access to your
account.
Make sure your mail app isn't set to check for new email too often. If your mail app checks for new messages more than once every 10
minutes, the app’s access to your account could be blocked.
I did this every time the problem happens:
https://accounts.google.com/DisplayUnlockCaptcha
problem sorted in my case!
I recently got this message, too, after I switched the data center location of a web application sending through Google SMTP.
The URL that apparently Google means is: https://support.google.com/mail/answer/78754. At that link, one of the steps is to reset your password. Not coincidentally, I also received an email from google with a subject of "Suspicious sign in prevented" that instructed me to change my password.
After resetting my password, I was back to using Google SMTP as usual.
I know this question is already been answered but for new comers those two solutions may help:
Make sure your gmail is allowing low secure apps to sign in, you can
turn it on here:
https://www.google.com/settings/security/lesssecureapps.
Change your password.
There are two ways to resolve this, and only one may work, depending on how you're accessing Google.
The first method is to authorize access for your IP or client machine using the https://accounts.google.com/DisplayUnlockCaptcha link. That can resolve authentication issues on client devices, like mobile or desktop apps. I would test this first, because it results in a lower overall decrease in account security.
If the above link doesn't work, it's because the session is being initiated by an app or device that is not associated with your particular location. Examples include:
An app that uses a remote server to retrieve data, like a web site or, in my case, other Google servers
A company mail server fetching mail on your behalf
In all such cases you have to use the https://www.google.com/settings/security/lesssecureapps link referenced above.
TLDR; check the captcha link first, and if it doesn't work, try the other one and enable less secure apps.
To send mail using Gmail SMTP, need to change your account setting. Login into your gmail accout then follow the link below to change your gmail account setting to send mail using your apps and program. https://www.google.com/settings/security/lesssecureapps
Note: This setting is not available for accounts with 2-Step Verification enabled. Such accounts require an application-specific password for less secure apps access.
I also came across this problem. Google detected my Mac as a new device and blocked it. To unblock, in a web browser log in to your Google account and go to "Account Settings".
Scroll down and you'll find "Recent activities". Click just below that on "Devices".
Your device will be listed. Okay your device. SMTP started working for me after I did this and lowered the protection as mentioned above.
There are at least these two issues I have observed for this problem:
1) It could be either because your sender username or password might not be correct
2) Or it could be as answered by Avinash above, the security condition on the account. Once you try SendMail using SMTP, you normally get a notification in to your account that it may be an unauthorized attempt to access your account, if not user can follow the link to turn the settings to lessSecureApp. Once this is done and smtp SendMail is tried again, it works.
Some apps are marked as less secure by google, so you just need to give access for those app so google will allow you to access its services to you.
follow this http://www.codematrics.com/your-imap-server-wants-to-alert-you-to-the-following-please-login-via-your-web-browser-gmail/